Because the system works efficiently and completes the tasks given to it
under specific conditions, we need a way to measure these requirements
against the conditions and guidelines established by the people who use the
system. We investigate the analysis techniques that are available in light
of the following conditions: i) sufficient time to detect the mistake,
ii) time to maintenance, iii) the total number of constituents involved in
the analytical process, and iv) an explanation of the level of complexity
provided to the user. In this article, we provide a concise overview of a
number of different approaches, along with our recommendations for the most
effective ones based on the issues raised earlier.
1. INTRODUCTION

Due to the interplay between technology and daily life, it is crucial to ensure the reliability and security
of the methods employed. Course participants create a requirements map for the analytical procedure that takes
these factors into account. We surveyed potential attacks on the system using three modern methods. The first
is the reliability block diagram (RBD), a system analysis technique that covers attacks that affect the
functioning of the system and refers to interstitial sections where their causes are discussed [1]. Attack tree
analysis is the alternate strategy. The attack tree analysis (ATA) method assesses potential attacks on a system
by creating a tree for attacks on all system components. When constructing the tree, the study considers the
system's dependability and security [2]. In the third approach, whereas the previous way of forming the
tree relies on both physical and software components, we rely only on the software components and the
attacks that may infect them; the two methods are nevertheless interconnected.

International standards [3] and the conditions that must be met to attain safety and availability can be
used to evaluate the level of risk associated with a controlling and observation system. In Ali and Gruska [4],
the method is used to detect failures or weak areas that raise the likelihood of cyberattacks on the system, in
addition to detecting threats, which are then used to carry out security vulnerability analysis and record the
state of the system while under attack. Information security risk assessment using hypothetical situations is
demonstrated in [5]. This tactic was motivated by attacks of the advanced persistent threat (APT) variety. Chief
security officer (CSO) security management at the management level can be aided by using risk scenarios to
evaluate the security threat to an information system, and some sample attack scenarios are presented. Due to
the findings of this study, security measures for network control systems have been significantly bolstered, and
weaknesses in the system's design due to hardware and software defects have become the primary target of [6].
By examining the device and highlighting potential weak spots in the system, [7], [8] demonstrate the security of
field-programmable gate arrays (FPGAs) as a platform. It is possible that the advantages of FPGAs will be seen on
other devices at the same time. In Shulman and co-founder [9], we can see the most commonly attacked targets
in the database, together with the number of attacks that have resulted; this gives us the
opportunity to look into every probable reason for system failure. Its primary function is to guarantee the
security of both the controlling and observational systems. In Al-Sudani et al. [10], IMECA/FMECA is used
to estimate the likelihood of a system failing. It also shows that the system can fix itself after malfunctions [11].
The key component of a controlling and observation system is the wireless units. It might be helpful to evaluate
the unit in light of its vulnerable status during an attack [12].


2. PROPOSED METHOD

The system design divides its parts into three levels. The first level is the
processing unit and often crosses the CPU according to. The second part of the system design is the
telecommunication level, which only sends and receives information wirelessly. According to [11], the use of
wireless is less expensive and less complex than using wire, but its security and privacy problems are discussed
in this work in detail. The following subsections analyze the system levels according to different attack and
vulnerability scenarios. The next sections describe the system by level and the attack scenarios that can affect
the system [13].


2.1. Analysis of the ending device

The ending device is responsible for feeding the system the information and data required to complete the tasks
given to it. Its parts can suffer hardware failure, and these are regarded as failures. The inability of the
hardware at the third level of the RBD to function as designed does not have an impact on the functioning of the
system; however, it is essential to think about the system in terms of its capacity to tolerate errors.


2.2. Analysis of the vulnerability of the wireless communication design

Communication is the tool responsible for connecting the system together, so let's take a closer look at
wireless networks. They are made up of four fundamental parts. Users, access points, and client devices
(laptops and PDAs) all play a role in the transfer of data through radio frequencies. A breach of confidentiality,
integrity, and availability may occur if these components are attacked or have weaknesses. The
following are examples of wireless network attacks: i) Accidental association: this is an example of an intrusion
into a company's wireless network without permission. Users may not be aware that they have connected to an
access point on an adjacent network when they first switch on their computer. Information from one firm might
be linked to information from another if a security breach occurs. Wired networks are the same as wireless
networks when it comes to laptops. ii) Ad-hoc networks: networks connecting wireless computers that do not
have access points are known as ad-hoc networks. These networks aren't often well-protected, although
encryption techniques may be utilized to improve security. iii) Man-in-the-middle (MITM) attacks: the attacker
first creates an access point. In a second step, the attacker has additional computers log in via this virtual
access point (VAP). After that, the attacker uses a different wireless card to connect to a genuine access point,
allowing traffic to pass through the transparent hacking machine and into the actual network. Because of this,
the attacker is able to monitor the flow. iv) Denial of service (DoS): DoS attacks are defined as flooding an
access point or a network with false requests, failure messages, premature connection messages, and/or other
instructions [14]. These attacks may prevent genuine users from accessing the network, and they may even bring
down the whole system. The extensible authentication protocol (EAP) is a common target of these attacks.


2.3. Vulnerability analysis of control level 

We can call this level the head or the mind of the system: it is responsible for controlling the system by
sending commands, analyzing data, and so on, according to the system design. Attacks on the control level have
risen as the data held at this level has become more widely accessible. Information that is critical to the
system and data from many levels are included at the control level of the CSO design. The likelihood of data
theft rises when several people have access to the stored information [15]. In the CSO system, the attacker is
trying to get their hands on crucial information, which they may use to attack or monitor the system. This is why
it is essential to manage this sort of access. The following are examples of several sorts of risks that may
compromise security at the control level: i) Privilege abuse: when a database user has greater rights than
normal, these rights might be misused, intentionally or inadvertently. ii) Vulnerabilities in operating systems
like Windows, UNIX, Linux, and others, in addition to the products and services linked to databases, might
provide an entry point for attackers. DoS attacks may result if operating system security updates are not applied
when they become available. Let's first take a look at what a database rootkit is: an application or process
buried within the database that grants administrator-level rights in order to get access to database data and
disable intrusion prevention systems (IPS). Only when the underlying operating system has been compromised can a
rootkit be deployed [16]. Using frequent audit trails, this issue may be resolved so that the database rootkit
does not go unnoticed. If authentication measures are sufficiently weak, attackers may resort to social
engineering and brute force to get access to database credentials. The database may then presume that the
attacker is a legitimate database user, since the attacker uses such a user's identity to carry out the assault.
Database servers that have insufficient audit trails may be at risk, particularly in businesses that need strict
regulatory compliance. In the case of an incident, it should be possible to recreate the event at a later date.
Payment card industry (PCI), Sarbanes-Oxley (SOX), and Health Insurance Portability and Accountability Act
(HIPAA) requirements all need substantial recording for this purpose. A database's sensitive or unusual
transactions must be automatically logged in order to address any issues that may arise. The final line of
defense for a database is an audit trail. Audit trails are capable of detecting an incursion, which aids in
tracing the breach to a specific time and user [17].


2.4. Design of a control and observation system under assault by cyber-attacks 

The purpose of a cyber-attack is to steal, change, or destroy a specific target in order to halt the
operation of a target system. The computers, networks, and personal computing devices of individuals or whole
businesses may be compromised to get access to sensitive data. Anonymity makes it difficult to track down and
identify the source of a danger. An assault like this might be classified as cyber-warfare or
terrorism. Installing spyware on a computer, trying to bring down a whole nation's infrastructure, and so on are
all examples of cyber-attacks. It seems like every day, cyber-attacks become more sophisticated and lethal [18].

There are two types of cyber assaults: hardware attacks, which are designed to disrupt the functioning
of physical components, and software attacks, which can read and modify all of the information included in
the system design. According to [10], attackers may target any component of the system design. In hardware
assaults, a virus or worm may be present in the chip and active throughout operation due
to a manufacturer's mistake or flaw. Software assaults might occur when weaknesses in the system's design are
identified and exploited, for example, when wireless devices broadcast and receive data over a radio wave.
In any of these cyber-attack situations, the hardware component may malfunction, and the software component
may have an issue, resulting in the system failing. If we want to know how secure a building automation system
(BAS) is, we need to think like an attacker attempting to get into the system, as stated in [10].

Cyberattacks on building automation systems may be broken down into three categories: i) The hacker
gains access to the network by using a variety of tools to spy on it. If the attack's objective is to get entry
inside, then that is a secondary goal. Attackers are looking for ways to spy on networks and read data across
tiers in this initial stage of their assault strategy. System downtime is increased because assaults like these
are difficult to detect during normal operations. As a result, recovery time is prolonged and resolution times
increase. It is necessary to improve network security in order to prevent this issue and assaults of this kind.
ii) If the attacker's purpose is to halt the system's performance, this is another situation. This may be done by
either allowing the worm to operate for an extended period of time or terminating the system's performance
right away. How long it takes to recover from this assault depends on the level at which it
occurred, i.e. a) If the attacker intends to halt a component of the automation system at the level where it
was attacked, we may be able to fix the problem by altering or upgrading the system within the time it takes
for the system to recover. The system may be able to function again, but it won't be able to do so at its full
capacity. b) If the attack is at the management level, recovery would be more complicated since the management
level controls all system tasks and the system's performance may be disrupted. Cyberattacks on the management
level have made it difficult to recover and costly to implement new systems. iii) Error of design: it is possible
to take advantage of errors in the design in favor of the cyber-attack, which affects the performance of the
system in general, with the possibility of the system not performing the tasks assigned to it as a result of
this attack [19].


2.5. System performance according to RBD, ATA and AcTA methods 

As a rule, the purpose of an attack is to cause the system as a whole to fail to work as designed. When
we talk about failure, we're talking about the likelihood of real failures in operational systems, as well as the
discovery and characterization of the processes that could cause them. Developers and consumers need to know
the answers to "How may the system fail?", "What are the consequences?" (that is, what are the repercussions if
we fail?) and, likewise, "How many system failures can we expect?" In the following sections we go through two of
the more successful approaches that were designed to provide a response to these concerns, and then
compare the results with the attack security tree analysis (AcTA) method, which helps us to understand
the system performance. For our work we take the smart building as a case study; according to [20], it has become
part of the system design of IoT, and it needs to be ensured and secured [21].


2.6. Reliability block diagram analysis of controlling and observation system 

Analysis of systems may be done using the reliability block diagram. Graphics and formulas are
provided to aid in determining how reliable the system really is. Components of the system are represented by
the blocks, which are collections of components that are not further subdivided. If all of a system's components
are linked in series, the system fails if any one of them goes down. If the components are all linked in
parallel, the system stops functioning only when every one of them goes down.

In Figure 1, the RBD deals with the system availability of the subsystem design for the case study (smart
building). To understand how all the components work and their effects on the system, we need more detail to get
the big picture of the system. In Figure 2 we focus on the controlling and observation system as the first part
of the system design. From (1) we can understand the relation between the parts and the effects of the components
on system availability, but if we try to go deeper into the details, as can be seen in (3), there will be a lot
of details and information to explain in order to detect where the error is and how it can be fixed. This is a
system with simple components; if we deal with a complex system, the operation will take a long time and many
details. Our vision is for this method to be used for a simple system (home) without complexity in design [22].


RBD = COS * CU * EU (1)
RBD = [H.c * S.c] + Tell (2)
RBD = [(H.c * S.c) + Tell] * CU * EU (3)


Figure 1. Architecture system design of smart building

Figure 2. Architecture design of controlling and observation part from smart building


2.7. Attack tree analysis of controlling and observation system 

Attack trees are a good example of this: they are a method for analyzing a system in an undesirable
condition. The system is then examined in relation to its surroundings and functioning in order to uncover
any potential points of failure. Both the OR-gate and the AND-gate will be examined in this section. With an
OR-gate, the output event occurs only if one or more of the input events occur.
With an AND-gate, all input assaults are required for the output attack to be triggered. To do a system
analysis, we need to identify the immediate, necessary, and sufficient causes of any event in the system. These
aren't the primary reasons for the event, but they are the proximate ones that led to it. We refer to them as
sub-goals. Our investigation into what caused them may then go forward. In other words, we
work our way down the tree until we reach the node at the attack tree's resolution limit, which is the
leaf node (an atomic assault) [23]. According to Figure 3, the parameters of ATA depend on the input values of
the components, and the probability of a parameter depends on two issues (reliability and security), which cannot
be found in RBD. From this point we need to divide the components to calculate reliability and security at the
same time.


pf (t)2 = (COS * CU) (4) 


pf(t)1 =1-A-pf(t)2)a- pfs, (5) 


[Figure 3 diagram: top event "system availability" with three inputs: Controlling and Observation (COS), Communication Unit (CU), Ending Unit (EU)]


Figure 3. ATA analysis of smart building case study


We take the controlling and observation system (COS) as part of our case study (smart building) and apply ATA
to analyze the availability of the COS, as shown in Figure 4, and analyze the result of the method with a number
of components in the system. We can see the issues of reliability and security for the components. The following
equations depict the likelihood of system failure, the relationship between components, and the ultimate goal
in terms of ATA analysis, where PF(t) = probability of failure and t = interval from (0,t) of system life.


pf(t)4 =1—- (1 — pf ©)10) A — pf Os) (6) 
pf(t)3 =1—-(1— pfs) — pf 7) (7) 
pf(t)2 =1-(1—-pf@)3)0 — pf 2) (8) 
Pf ()gate2 = 1-1 — pf®3)0 — pf Oz) (9) 
Pf (t)1 = Pf Os * Pf gate 2 (10) 


For the ATA analysis's top event, the overall probability of failure (PF(t)) changes based on
the probability of failure of each component. According to Naoual et al. [24], system availability depends on
whether the system passes the failure period with the same result as before the failure. Table 1 shows the system
availability using ATA, measuring the degree of possibility that the system will fail. All parameter values were
applied to (6)-(10) to get the final result [25].


Table 1. Risk of system failure for a certain time period using ATA (Chen and Chen 2021)

No  The issues   Components                                  Number of gates  Probability
1   Security     Cybersecurity                               5                0.009
2   Security     Software vulnerability                      3                0.0123
3   Reliability  Hardware trojan (design fault)              5                0.0321
4   Reliability  Manufacturing fault/back attack             4                0.0391
5   Reliability  Physical failure during operation           4                0.01
6   Reliability  Manufacturing hardware/trojan/back attack   16               0.0312

System probability to fault: 0.001365671

Figure 4. ATA analysis of controlling and observation part of case study (smart building)
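
The OR-gate and AND-gate rules of this section, as an added example that is not code from the paper: it propagates the Table 1 leaf probabilities up an attack tree and ranks which leaf, if fully mitigated, lowers the top-event probability most. The tree shape (a security OR-gate and a reliability OR-gate joined by an AND-gate), the independence of events, and all function and node names are assumptions, so the result is not expected to reproduce the system value reported in Table 1.

```python
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Leaf:
    name: str
    pf: float              # probability of failure/compromise in (0, t)


@dataclass(frozen=True)
class Gate:
    name: str
    kind: str              # "OR" or "AND"
    children: tuple


def top_probability(node, override=None):
    """Propagate leaf probabilities upward, assuming independent events."""
    override = override or {}
    if isinstance(node, Leaf):
        p = override.get(node.name, node.pf)
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"{node.name}: probability {p} outside [0, 1]")
        return p
    if not node.children:
        raise ValueError(f"{node.name}: gate has no inputs")
    ps = [top_probability(child, override) for child in node.children]
    if node.kind == "OR":      # output occurs if any input occurs
        return 1.0 - prod(1.0 - p for p in ps)
    if node.kind == "AND":     # output occurs only if all inputs occur
        return prod(ps)
    raise ValueError(f"{node.name}: unknown gate kind {node.kind!r}")


def leaf_names(node):
    """Names of all leaves below a node, left to right."""
    if isinstance(node, Leaf):
        return [node.name]
    return [n for child in node.children for n in leaf_names(child)]


def rank_mitigations(tree):
    """(leaf, drop in top-event probability if that leaf's pf became 0), largest first."""
    base = top_probability(tree)
    gains = [(n, base - top_probability(tree, {n: 0.0})) for n in leaf_names(tree)]
    return sorted(gains, key=lambda g: g[1], reverse=True)


# Leaf probabilities are the Table 1 values; the gate structure is assumed.
SECURITY = Gate("security", "OR", (
    Leaf("cybersecurity", 0.009),
    Leaf("software vulnerability", 0.0123),
))
RELIABILITY = Gate("reliability", "OR", (
    Leaf("hardware trojan (design fault)", 0.0321),
    Leaf("manufacturing fault/back attack", 0.0391),
    Leaf("physical failure during operation", 0.01),
    Leaf("manufacturing hardware/trojan/back attack", 0.0312),
))
TREE = Gate("COS unavailable", "AND", (SECURITY, RELIABILITY))

if __name__ == "__main__":
    print(f"top event: {top_probability(TREE):.6f}")
    for name, gain in rank_mitigations(TREE):
        print(f"{gain:.6f}  {name}")
```

Under the assumed structure, the ranking shows where hardening effort pays off first; changing the gate kinds or leaf values and re-running gives the same comparison for another design.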


3. RESULTS AND DISCUSSION

In general, we have calculated the reliability of the system (safety and availability) by considering
reliability issues, which depend on a range of factors:
a) The total time to find an error in the system.
b) Diagnostic speed to find the fault and direct the result.
c) Number of components included in the analysis; the fewer there are, the easier it is to track a fault and find the reason.
d) Level of complexity explained to the user.
AcTA focuses the whole solution and the tree building on the security issues and leaves out the rest of
the data sheet, unlike ATA, which uses all data (security and reliability) as stated in [26]. RBD
cannot identify the elements that are under the influence of security; its calculation is generally for
the work of the system within a specified period of time. ATA develops a model that determines a reasonable
chance of failure throughout the course of time, while RBD solves for the possible failure of the system's work.
With the same design architecture as ATA, AcTA deals with all security issues and isolates the other issues. New
technology in the world and competition between companies to produce components mean that products almost
always meet the market requirements without issues of failure (hardware and software). But the question is: what
about security? As seen in Figure 5, the method deals with security and isolates the other issues.


pf(t)h =pf(O2*refOs (11) 


For the same input values, we find that the probability of system failure, which affects the
availability, is approximately 0.00125511, and if we compare this value with the ATA reading we see
that there is little difference between the readings. From this point, our analysis turns to a comparison between
these three methods, as shown in Figure 6. We can collect and analyze the information for the methods depending on
time and number of components. All these results and information are collected from the case studied
(smart building) [27].
Figure 5. AcTA analysis of controlling and observation part of case study (smart building)


Assessment of control and monitoring system design security using the attack ... (Mustafa Qahtan Alsudani) 


826 0 ISSN: 2502-4752 


[Figure 6 plot: curves for RBD, ATA and AcTA plotted against the number of components (x-axis ticks at 5, 10, 15; y-axis ticks from 0 to 70)]


Figure 6. Results of three methods analysis


4. CONCLUSION 

According to our analysis of the system design, we evaluated the system's chance of failure based on real-world
data, and we identified weaknesses in the system's design. This analysis was done using a number of methods.
These methods help to understand the points that need to be secured and focused on during design; AcTA gives the
minimum level of analysis with only the important components. The next step is to apply the AcTA method to a
complex system and unite the components as one system, to make it easy to input data and calculate the resulting
system availability, taking into account the possibility of system recovery within a short time without effect
on the system's work.